sudo/sudo.spec

304 lines
10 KiB
RPMSpec
Raw Normal View History

%define sysadmin_groupid 30
%define sysadmin_name sysadmin
%define with_exempt 0
Name: sudo
Version: 1.8.11p1
Release: 1mamba
Summary: Allows restricted root access for specified users
Group: System/Tools
Vendor: openmamba
Distribution: openmamba
Packager: Silvan Calarco <silvan.calarco@mambasoft.it>
URL: http://www.courtesan.com/sudo/
Source0: http://www.courtesan.com/sudo/dist/%{name}-%{version}.tar.gz
Source1: %{name}-sudoers.conf
Source2: %{name}-pam.conf
Patch2: %{name}-1.6.8p9-samples.patch
Patch3: %{name}-1.6.8p9-can_2005_2959.patch
Patch4: %{name}-1.6.8p12-can_2006_0151.patch
Patch5: %{name}-1.6.8p12-badenv_table_more.patch
Patch6: %{name}-1.6.8p12-sudoers_man.patch
Patch7: %{name}-1.7.0-disable_env_reset.patch
Patch8: %{name}-1.8.6p4-qemu_no_geteuid.patch
License: BSD
## AUTOBUILDREQ-BEGIN
BuildRequires: glibc-devel
BuildRequires: libz-devel
BuildRequires: perl-devel
## AUTOBUILDREQ-END
BuildRequires: pam-devel
%if "%{stage1}" != "1"
BuildRequires: libopenldap-devel
BuildRequires: vim
%endif
%if "%{stage1}" != "1"
Requires: vim >= 6.3
%endif
BuildRoot: %{_tmppath}/%{name}-%{version}-root
%description
Sudo (superuser do) is a program designed to allow a sysadmin to give limited root privileges to users and log root activity.
The basic philosophy is to give as few privileges as possible but still allow people to get their work done.
%prep
%setup -q
#%patch2 -p1
#%patch4 -p1 -b .can_2006_0151
%if %with_exempt
%patch6 -p1 -b .sudoers_man
%endif
#%patch7 -p1
%patch8 -p1
%build
%configure \
--with-logging=syslog \
--with-logfac=authpriv \
%if "%{stage1}" != "1"
--with-ldap \
%endif
--with-pam \
--without-rpath \
--with-tty-tickets \
--with-editor=%{_bindir}/vi \
--with-env-editor \
--with-ignore-dot \
--with-all-insults \
--without-lecture \
--with-secure-path="\
--with-timedir=/var/db/sudo \
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/kde/bin:/opt/kde3/bin" \
--with-fqdn \
%if %with_exempt
--with-exempt=%{sysadmin_name} \
%endif
--disable-root-mailer \
--with-sendmail=/usr/sbin/sendmail \
--disable-setresuid
# --disable-envreset
# --with-password-timeout=0
%make
%install
[ "%{buildroot}" != / ] && rm -rf %{buildroot}
%makeinstall \
install_uid=`id -u` \
install_gid=`id -g` \
sudoers_uid=`id -u` \
sudoers_gid=`id -g`
rm -f %{buildroot}%{_bindir}/sudoedit
ln -sf sudo %{buildroot}%{_bindir}/sudoedit
install -D -m0440 %{SOURCE1} %{buildroot}%{_sysconfdir}/sudoers
install -D -m0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/pam.d/sudo
install -d %{buildroot}%{_var}/log
touch %{buildroot}%{_var}/log/%{name}.log
install -d -m 700 %{buildroot}/var/run/sudo
install -d -m 510 %{buildroot}%{_sysconfdir}/sudoers.d
%find_lang %{name}
%find_lang sudoers
cat sudoers.lang >> %{name}.lang
%clean
[ "%{buildroot}" != / ] && rm -rf %{buildroot}
%pre
groupadd sysadmin -g %{sysadmin_groupid} 2>/dev/null || :
exit 0
%post
if [ $1 -gt 1 ]; then
/bin/chmod 0440 %{_sysconfdir}/sudoers || :
grep guarddog %{_sysconfdir}/sudoers >/dev/null && \
sed -i "s|/opt/kde3/bin/guarddog|/usr/sbin/ufw|" %{_sysconfdir}/sudoers
#grep "/etc/sudoers\.d" %{_sysconfdir}/sudoers >/dev/null || \
# echo "#includedir /etc/sudoers.d" >> %{_sysconfdir}/sudoers
fi
exit 0
%files -f %{name}.lang
%defattr(-,root,root)
%attr(0110,root,root) %{_sysconfdir}/sudoers.d
%attr(0440,root,root) %config %{_sysconfdir}/sudoers
%attr(4111,root,root) %{_bindir}/sudo
%attr(4111,root,root) %{_bindir}/sudoedit
%attr(4111,root,root) %{_bindir}/sudoreplay
%attr(0755,root,root) %{_sbindir}/visudo
%config %{_sysconfdir}/pam.d/sudo
%dir %{_libexecdir}/sudo
%{_libexecdir}/sudo/group_file.la
%{_libexecdir}/sudo/group_file.so
%{_libexecdir}/sudo/libsudo_util.la
%{_libexecdir}/sudo/libsudo_util.so
%{_libexecdir}/sudo/libsudo_util.so.*
%{_libexecdir}/sudo/sudo_noexec.la
%{_libexecdir}/sudo/sudo_noexec.so
%{_libexecdir}/sudo/sudoers.la
%{_libexecdir}/sudo/sudoers.so
%{_libexecdir}/sudo/system_group.la
%{_libexecdir}/sudo/system_group.so
%{_includedir}/sudo_plugin.h
%ghost %{_var}/log/%{name}.log
%dir /var/run/sudo
%attr(0700,root,root) %{_localstatedir}/db/sudo
%dir %{_docdir}/sudo
%{_docdir}/sudo/*
%{_mandir}/man5/sudo.conf.5*
%{_mandir}/man5/sudoers.*
%{_mandir}/man8/sudo.*
%{_mandir}/man8/sudoreplay.*
%{_mandir}/man8/sudoedit.*
%{_mandir}/man8/visudo.*
%{_mandir}/man8/sudo_plugin.8*
%doc doc/LICENSE
#%doc ChangeLog README README.LDAP
%changelog
* Tue Oct 28 2014 Silvan Calarco <silvan.calarco@mambasoft.it> 1.8.11p1-1mamba
- update to 1.8.11p1
- sudoers: enable /sbin/ldconfig for DISTRO_CMD users
* Thu Jul 03 2014 Silvan Calarco <silvan.calarco@mambasoft.it> 1.8.9p5-2mamba
- /etc/sudoers: remove old programs and add ufw to SYSADM_CMD (to fix mambatray enable/disable)
* Wed May 28 2014 Automatic Build System <autodist@mambasoft.it> 1.8.9p5-1mamba
- automatic update by autodist
* Sat Feb 01 2014 Silvan Calarco <silvan.calarco@mambasoft.it> 1.8.9p4-1mamba
- update to 1.8.9p4
* Fri Oct 04 2013 Automatic Build System <autodist@mambasoft.it> 1.8.8-1mamba
- automatic update by autodist
* Mon Jun 17 2013 Automatic Build System <autodist@mambasoft.it> 1.8.7-1mamba
- automatic version update by autodist
* Tue Apr 16 2013 Automatic Build System <autodist@mambasoft.it> 1.8.6p8-1mamba
- automatic version update by autodist
* Fri Mar 01 2013 Automatic Build System <autodist@mambasoft.it> 1.8.6p7-1mamba
- automatic version update by autodist
* Wed Jan 23 2013 Automatic Build System <autodist@mambasoft.it> 1.8.6p4-1mamba
- automatic version update by autodist
* Wed Sep 19 2012 Automatic Build System <autodist@mambasoft.it> 1.8.6p3-1mamba
- automatic version update by autodist
* Sun Jun 26 2011 Automatic Build System <autodist@mambasoft.it> 1.8.1p2-1mamba
- automatic update by autodist
* Wed Feb 02 2011 Automatic Build System <autodist@mambasoft.it> 1.7.4p6-1mamba
- automatic update by autodist
* Tue Jan 11 2011 Silvan Calarco <silvan.calarco@mambasoft.it> 1.7.4p4-2mamba
- sudoers: change path or rpm from /bin/rpm to /usr/bin/rpm (rpm 5)
* Wed Nov 10 2010 Automatic Build System <autodist@mambasoft.it> 1.7.4p4-1mamba
- automatic update by autodist
* Fri Sep 03 2010 Silvan Calarco <silvan.calarco@mambasoft.it> 1.7.4p3-2mamba
- create and own /var/db/sudo
* Sun Aug 22 2010 Silvan Calarco <silvan.calarco@mambasoft.it> 1.7.4p3-1mamba
- update to 1.7.4p3
- added support for /etc/sudoers.d directory
* Mon Jun 21 2010 Automatic Build System <autodist@mambasoft.it> 1.7.2p7-1mamba
- automatic update by autodist
* Mon Feb 15 2010 Silvan Calarco <silvan.calarco@mambasoft.it> 1.7.2p2-3mamba
- /opt/kde3/bin/kcmshell removed from /etc/sudoers
* Wed Jan 06 2010 Silvan Calarco <silvan.calarco@mambasoft.it> 1.7.2p2-2mamba
- add /usr/bin/smart to sudoers DISTRO_CMD
* Tue Dec 08 2009 Automatic Build System <autodist@mambasoft.it> 1.7.2p2-1mamba
- automatic update by autodist
* Wed Jul 29 2009 Automatic Build System <autodist@mambasoft.it> 1.7.2p1-1mamba
- automatic update by autodist
* Fri Jul 17 2009 Automatic Build System <autodist@mambasoft.it> 1.7.2-1mamba
- automatic update by autodist
* Sun Apr 19 2009 Automatic Build System <autodist@mambasoft.it> 1.7.1-1mamba
- automatic update by autodist
* Sat Apr 04 2009 Silvan Calarco <silvan.calarco@mambasoft.it> 1.7.0-1mamba
- automatic update by autodist
* Sun Feb 01 2009 Silvan Calarco <silvan.calarco@mambasoft.it> 1.6.9p20-1mamba
- update to 1.6.9p20
- added support for kde4 binaries path
* Wed Dec 03 2008 Silvan Calarco <silvan.calarco@mambasoft.it> 1.6.9p18-1mamba
- automatic update by autodist
* Thu May 08 2008 Silvan Calarco <silvan.calarco@mambasoft.it> 1.6.9p15-2mamba
- added kde3 path to secure dirs; removed /usr/X11R6/bin
- added patch that disables default environment reset
* Mon Mar 31 2008 Silvan Calarco <silvan.calarco@mambasoft.it> 1.6.9p15-1mamba
- update to 1.6.9p15
- sudoers: allow execution of all commands in system path to sysadmin group
requiring user password
- removed pam, badenv table and can_2006_0151 patches applied upstream
* Fri Dec 28 2007 Silvan Calarco <silvan.calarco@mambasoft.it> 1.6.8p12-13mamba
- removed a message when installing/upgrading
* Tue Nov 27 2007 Silvan Calarco <silvan.calarco@mambasoft.it> 1.6.8p12-12mamba
- sudoers: added /opt/kde3/bin/mambapt in DISTRO_CMD
- sudoers: removed obsolete EXTRA_CMD (/usr/bin/updatechecker and /usr/bin/activate)
* Thu Nov 22 2007 Silvan Calarco <silvan.calarco@mambasoft.it> 1.6.8p12-11mamba
- fixed pam configuration file
* Mon Nov 19 2007 Silvan Calarco <silvan.calarco@mambasoft.it> 1.6.8p12-10mamba
- added guarddog and kcmshell to SYSADM_CMD
* Tue Jun 27 2006 Massimo Pintore <massimo.pintore@qilinux.it> 1.6.8p12-9qilnx
- added EXTRA_CMD alias in sudoers file
* Fri Apr 21 2006 Silvan Calarco <silvan.calarco@mambasoft.it> 1.6.8p12-8qilnx
- added /usr/bin/apt-cdrom and /usr/bin/updatechecker in sudoers file
* Thu Apr 06 2006 Davide Madrisan <davide.madrisan@qilinux.it> 1.6.8p12-7qilnx
- option '--with-exempt=%{sysadmin_name}' disabled
* Wed Apr 05 2006 Davide Madrisan <davide.madrisan@qilinux.it> 1.6.8p12-6qilnx
- rebuild with the option '--with-exempt=%{sysadmin_name}'
- removed patch for CAN-2005-2959 (fixed upstream)
* Tue Feb 14 2006 Silvan Calarco <silvan.calarco@mambasoft.it> 1.6.8p12-5qilnx
- create and handle sysadmin group
* Mon Feb 06 2006 Davide Madrisan <davide.madrisan@qilinux.it> 1.6.8p12-4qilnx
- new patch for CVE-2006-0151
* Wed Jan 25 2006 Silvan Calarco <silvan.calarco@mambasoft.it> 1.6.8p12-3qilnx
- allow "packager" group users to execute rpm, apt-get and synaptic
* Mon Jan 23 2006 Davide Madrisan <davide.madrisan@qilinux.it> 1.6.8p12-2qilnx
- security update for CVE-2006-0151 (qibug#117)
* Mon Nov 14 2005 Davide Madrisan <davide.madrisan@qilinux.it> 1.6.8p12-1qilnx
- update to version 1.6.8p12 by autospec
- also fixes a security issue in perl scripts (QiLinux bug#69)
* Wed Oct 26 2005 Davide Madrisan <davide.madrisan@qilinux.it> 1.6.8p9-2qilnx
- security fix for CAN-2005-2959 (closes: #55)
* Fri Sep 30 2005 Davide Madrisan <davide.madrisan@qilinux.it> 1.6.8p9-1qilnx
- package created by autospec